Search code examples
luawiresharkwireshark-dissector

How to add to a Lua DissectorTable?

I'm writing a Lua dissector for Wireshark for a complex protocol. The protocol has a message header that includes a msgType field. I want to write a subdissector for each message type, with each subdissector stored in a separate source file.

My top-level script is general.lua which dissects the message header and creates the dissector table:

DissectorTable.new("myProtocol.Message")
dofile(DATA_DIR.."cplane.lua")

cplane.lua is a subdissector for message type 'cplane' and includes the code:

my_dissector_table = DissectorTable.get("myProtocol.Message")
my_dissector_table:add(0x02, myProtocol_cplane_proto)

Both scripts are in the same subdirectory of Wireshark's plugins directory.

When I load the plugins I get error:

Lua: Error during loading:
 [string "C:\Program Files (x86)\Wireshark\plugins\2.4...."]:9: bad argument 
#1 to 'get' (DissectorTable_get: no such dissector_table)

Lua: Error during loading:
 [string "C:\Program Files (x86)\Wireshark\plugins\2.4...."]:170: bad 
argument #1 to 'dofile' (dofile: file does not exist)

How can I fix this? Is the problem to do with the loading order of the scripts? Is the dofile() call necessary?

Solution

  • It is not necessary to use dofile as all scripts in the plugins directory are loaded. The order of loading is however not fixed (at least, it is not documented to be fixed). Currently Lua plugins are loaded after other dissectors, so trying to lookup dissector tables in the "global scope" will only work for built-in dissectors, such as tcp.port:

    local myproto = Proto("myproto", "My Protocol")
function myproto.dissector(tvb, pinfo, tree)
    ...
end
-- Register with a built-in dissector table
DissectorTable.get("tcp.port"):add(1234, myproto)

    For registering with custom dissector tables, this registration has to be deferred. In C dissectors, you would put the registration in proto_reg_handoff_PROTOABBREV (where PROTOABBREV should be substituted accordingly), but in Lua there is no such function.

    The closest you can get is the "init" routine (a property of the Proto class, proto.init). These are called when a capture file is opened, before dissecting any packets. Example:

    function myproto.init()
    DissectorTable.get("your-custom-table"):add(1234, myproto)
end